How to update root certificates in installation ISO?

Discussion in 'Windows 7' started by oink, Aug 8, 2016.

  1. oink

    oink MDL Novice

    Mar 27, 2012
    8
    0
    0
    I want to integrate current certificates (root, disallowed) into Windows 7 installation ISO.
    How to do it (DISM?) and what cert files do I need:
    rootsupd.exe
    authrootstl.cab
    disallowedcertstl.cab
    ?
     
  2. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    7,702
    24,943
    240
    Not possible
     
  3. PhaseDoubt

    PhaseDoubt MDL Expert

    Dec 24, 2011
    1,448
    278
    60
    You have to update the source, then rebuild the ISO file.
     
  4. oink

    oink MDL Novice

    Mar 27, 2012
    8
    0
    0
    "update the source"?
    More info, please.

    I have integrated latest updates and drivers (mass storage + usb 3.x) and stucked with old certs.

    PS I can unpack rootsupd.exe and run 4 commands:
    updroots.exe authroots.sst
    updroots.exe updroots.sst
    updroots.exe -l roots.sst
    updroots.exe -d delroots.sst
    ...but how to "inject" it into installation ISO?
     
  5. PhaseDoubt

    PhaseDoubt MDL Expert

    Dec 24, 2011
    1,448
    278
    60
    #5 PhaseDoubt, Aug 11, 2016
    Last edited: Aug 11, 2016
    An ISO is a cabinet file of sorts. If you open the ISO, or extract the contents, you'll see all the individual files and folders. Those individual files and folders are what I'm calling the source. Creating an ISO is sort of like compiling a .exe file.

    I was assuming (and we know the dangers there) you created the ISO file. If you did, somewhere you have all the various files and folders you originally used if you didn't delete them. If you didn't make the ISO, or if you did delete your source data, you can still extract the files and folders and alter them with the appropriate software. You then use your favorite ISO generating utility to create a NEW ISO (that is now different from the original ISO) that contains the changes you want.

    It's been a while since I last create an ISO (early days of Windows 7) so new programs and processes may have been created. I've always preferred to work with the source files when I can. If you decide to do so, keep a copy of your original ISO in a safe place for security purposes. That way, if you muck up the working ISO copy you can scrap it and start over with a fresh copy of your source ISO.

    If this is all Greek to you, then you need to do a fair amount of research on creating and maintaining ISOs. IMHO, it's way beyond the scope of this forum to teach a course in ISO usage and maintenance. I'm sure there are numerous tutorials you can find with your favorite search engine.
     
  6. oink

    oink MDL Novice

    Mar 27, 2012
    8
    0
    0
    Oh, really? :)
    I wrote that I already integrated latest updates and drivers, so you should assume that:
    - I know what ISO / boot ISO is - how to create/extract/etc.
    - I know what WIM is
    - I know what DISM and IMAGEX are
    - ...and many, many more.

    Again:
    I integrate updates using DISM with /Add-Package.
    I integrate drivers using DISM with /Add-Driver.
    How to intagrate new certs?

    If this is all Greek to you (sorry, but it looks like), then please don't waste your time on useless and pointless answers, and don't waste my time on reading it.
     
  7. PhaseDoubt

    PhaseDoubt MDL Expert

    Dec 24, 2011
    1,448
    278
    60
    Have fun young Jedi and enjoy your day.